Hackers nab 25M accounts in another Mail.ru breach

Over 25 million accounts associated with forums hosted by Russian internet giant Mail.ru have been stolen by hackers.

Two hackers carried out attacks on three separate game-related forums in July and August. One forum alone accounted for almost half of the breached data – a little under 13 million records; the other two forums make up over 12 million records.

The databases were stolen in early August, according to breach notification site LeakedSource.com, which obtained a copy of the databases. The hackers' names aren't known, but they used known SQL injection vulnerabilities found in older vBulletin forum software to get access to the databases. An analysis of the breached data showed that hackers took 12.8 million accounts from cfire.mail.ru, a total of 8.9 million records from parapa.mail.ru, and 3.2 million accounts from tanks.mail.ru.

The hackers were able to obtain usernames, email addresses, scrambled passwords and birthdays. Some of the forums allowed the hackers to also obtain IP addresses, which could be used to determine location, and phone numbers.

A member of the LeakedSource group told me that about half of the passwords – around 12 million – were easily cracked using readily available cracking tools. That's because, according to the group's blog post, the sites "all used some variation of MD5 with or without unique salts," an algorithm that is considered insecure by today's standards. The group said that the most common four passwords were some combination of "123456789," which in part made it easier to determine a significant portion of the leaked passwords.

The breach notification confirmed that it has added the breached data into its database, alongside another 2.3 million records from 10 other websites that the group bundled in with its blog post. This is the latest hack in a long line of similar attacks on out-of-date and unpatched forums with widely known and glaring security flaws. Many of Mail.ru's forums ran versions of vBulletin software dating back to early-2013.

It's also not the first time that Mail.ru has suffered a breach this year. In June, the company – which also owns Russian social network VK.com – confirmed that it was also breached, albeit some years earlier when the site's security was far more primitive. A Mail.ru spokesperson did not comment by the time of publication. We'll update if we hear back.